Specifies that the oauth provider filters should be applied to the application security policy.
The reference to the bean that defines the consumer details service.
The reference to the bean that defines the token services.
The URL at which a request for an unauthenticated request token will be serviced. Default value: "/oauth_request_token"
The URL at which a request to authenticate a request token will be serviced. Default value: "/oauth_authenticate_token"
The URL at which a request for an access token (using an authenticated request token) will be serviced. Default value: "/oauth_access_token"
Reference to the bean that is the filter chain that is to be instrumented with support for OAuth.
Whether the provider requires OAuth 1.0a support. Default: true.
The URL to which the user will be redirected upon authenticating a request token, but only if there was no
callback URL supplied from the oauth consumer. Default value: "/"
The URL to which the user will be redirected if for some reason authentication of a request token failed. Default
behavior is to just issue a "401: unauthorized" response.
The reference to the bean that defines the nonce services. Default value:
org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices
The reference to the bean that defines the provider support logic. Default value:
org.springframework.security.oauth.provider.CoreOAuthProviderSupport
The name of the request parameter that specifies to the 'authenticate-token-url' the id of the token that is to be authenticated. Default value:
"requestToken".
The name of the request parameter that specifies to the 'authenticate-token-url' the callback URL to which the user is to be redirected upon
successful authentication. Default value: "callbackURL".
The reference to the bean that defines the verifier services. Default value:
org.springframework.security.oauth.provider.verifier.RandomValueVerifierServices
The reference to the bean that defines the oauth authentication handler. Default value:
org.springframework.security.oauth.provider.DefaultAuthenticationHandler
Default element that contains the definition of the consumers that are allowed to access this service.
Definition of a consumer.
The consumer key.
The consumer secret.
The type of the secret. Default: shared.
The secret is a simple shared secret.The secret is an rsa certificate. It will be located according to org.springframework.core.io.ResourceLoader#getResource(String)
Name of the consumer.
Authorities that are granted to the consumer (comma-separated).
Name of the resource that the consumer can access with this key/secret.
Description of the resource that the consumer can access with this key/secret.
Whether this consumer is required to obtain an authenticated oauth token. If "true", it means that the OAuth consumer won't be
granted access to the protected resource unless the user is directed to the token authorization page. If "false', it means that
the provider has an additional level of trust with the consumer. Not requiring an authenticated access token is also known as
"2-legged" OAuth or "signed fetch".
Element for declaring and configuring an in-memory implementation of the provider token service.
Interval (in seconds) that a cleanup thread should be awakened to cleanup expired tokens.
Element for declaring and configuring an expression handler for oauth security expressions. See http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
Element for declaring and configuring an in-memory implementation of the provider verifier service.
Length (in bytes) of the verifier.
Specifies that the oauth consumer filters should be applied to the application security policy.
The pattern for the URL.
The resources (comma separated list of resource ids) for which the consumer requires access in order to service the URL.
The HTTP method.
The reference to the bean that defines the protected resource details service.
The page where the user should be redirected on OAuth failure.
Reference to the bean that is the filter chain that is to be instrumented with support for OAuth.
Allows a customized failure handler to be used for OAuth failure. Bean ref to instance of
org.springframework.security.web.access.AccessDeniedHandler.
Defines the type of pattern used to specify URL paths (either JDK
1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
unspecified.
Whether test URLs should be converted to lower case prior to comparing
with defined path patterns. If unspecified, defaults to "true".
The reference to the bean that defines the consumer support.
The reference to the bean that defines the token services.
The reference to the bean that defines the remember-me services, instance of org.springframework.security.oauth.consumer.rememberme.OAuthRememberMeServices
Whether there needs to be an authenticated user in order to access a protected resource.
The reference to the bean that defines the redirect strategy, used when redirecting the user for access authorization.
Default value is an instance of "org.springframework.security.web.DefaultRedirectStrategy".
Element for declaring and configuring an in-memory implementation of the consumer protected resources service.
Definition of a protected resource.
Any additional oauth parameters that is supported by the resource provider.Any additional request headers that need to be sent to the resource provider.
The resource id.
The consumer key.
The consumer secret.
The URL to the request token.
The HTTP method to use for the request token.
The URL to which the user needs to be redirected in order to authorize the request token.
Name of the request parameter to use to pass the value of the request token when redirecting the user to the authorization page. Default value: "requestToken"
Name of the request parameter to use to pass the value of the callback URL when redirecting the user to the authorization page. Default value: "callbackURL"
The URL to the access token.
The HTTP method to use for the access token.
The signature method to use (e.g. "HMAC-SHA1", "PLAINTEXT", etc.). Default "HMAC-SHA1".
Whether the provider accepts the HTTP authorization header. Default: "true"
The "realm" for the HTTP authorization header.
Whether the consumer details